Member Alert: Twitter Issue Reveals Passwords Compromised!
Last week Twitter made an announcement that an issue was found which allowed for user passwords to appear in plain text in an internal log. With this announcement, Twitter also communicated that the bug has been fixed and that passwords were not exposed.
Passwords are usually masked through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows their system to validate account credentials without revealing the password. Due to the aforementioned bug, passwords were written to an internal log before completing the hashing process. Twitter has stated that they are working on a process to prevent this from happening again in the future.
The company did not mention when the bug occurred, or how long the bug had been storing passwords in plain text, or even how many passwords were affected, but did state that “this is not a breach.”
Twitter has also stated that, as a precaution, users should consider changing passwords on services where users have entered their Twitter password. To further protect your account, it is suggested that all users sign up for two-factor authentication, as well as choosing different, unique passwords for each system or service requiring passwords.
« Return to "Member Alerts"